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DETAILED ACTION 
Specification 

1 . Applicant is reminded of the proper language and format for an abstract of the disclosure. 

The abstract should be in narrative form and generally limited to a single paragraph on a 
separate sheet within the range of 50 to 150 words. It is important that the abstract not exceed 
150 words in length since the space provided for the abstract on the computer tape used by the 
printer is limited. The form and legal phraseology often used in patent claims, such as "means" 
and "said," should be avoided. The abstract should describe the disclosure sufficiently to assist 
readers in deciding whether there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information given in the 
title. It should avoid using phrases which can be implied, such as, "The disclosure concerns," 
"The disclosure defined by this invention," "The disclosure describes," etc. 

2. The abstract of the disclosure is objected to because: 

a. It exceeds the maximum allowed number of words. 

b. The phrase "A network system includes" is unnecessary. 
Correction is required. See MPEP § 608.01(b). 

Response to Arguments 

3. Applicant's arguments with respect to claims 1-8 have been considered but are moot in 
view of the new ground(s) of rejection. The examiner acknowledges that the Matchefts et al. 
reference is invalid and the new grounds of rejection can be found below. 

4. Applicant argues "The remaining references. . .rejection of claims 1-9" (page 9, paragraph 
2). This argument is not persuasive in light of the use of Sidey in the new grounds of rejection. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
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such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 1, 2, 5, 6, 10, 1 1, 14, and 15 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sidey in view of Hansen. 

7. Regarding claim 1, Sidey teach a network management system comprising a plurality of 
network devices (column 3, line 67 - column 4, line 2) operating in a coordinated manner and a 
management server (figure 1, reference number 102) managing the plurality of network devices, 
the management server comprising: 

a. Means for confirming consistency of the setup information set up in the 
plurality of network devices (column 9, lines 34-38). Note that in the 
reference, the configuration information for both hardware and software of 
network nodes is collected and compared to the nominal setup in a database. 
If there is a discrepancy, action will be taken, if not, the device is noted as 
consistent. 

Although the system disclosed by Sidey shows substantial features of the claimed 
invention, it fails to disclose: 

a. Means for generating a plurality of pieces of setup information to be used for 
the plurality of network devices on which settings are to be made, the plurality 
of pieces of setup information being generated to maintain consistency. 
Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Sidey, as evidenced by Hansen. 

In an analogous art, Hansen discloses a configuration management system for remote 
monitoring and configuration of network elements with a management server comprising: 
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a. Means for generating a plurality of pieces of setup information to be used for 
the plurality of network devices on which settings are to be made, the plurality 
of pieces of setup information being generated to maintain consistency 
(colunm 5, lines 23-27). Note that in the reference, configuration information 
is generated in order to maintain consistency of network device configuration. 
Given the teaching of Hansen, a person having ordinary skill in the art would have 
readily recognized the desirability and advantages of modifying Sidey by employing the 
generation of setup information for network elements. The system of Sidey receives and 
compares current configuration information to ensure system consistency. It is a logical 
extension of this to then generate configuration information for the client and re-configure it. 
This benefits the system by relieving the need for additional work by a system administrator and 
decreases possible down time. 

8. Regarding claim 2, Sidey and Hansen teach all the limitations as applied to claim 1 . 
Sidey further teaches means wherein the management server further comprises: 

a. Means for retrieving meta-level setup information from each of said plurality 
of pieces of setup information (column 10, lines 23-26). Note that in the 
reference, the "meta-information" includes the computer name and previous 
information entered into the database about the network element. 

b. Means for retrieving interrelated setup information set up in said plurality of 
network devices (column 9, lines 20-26). Note that the server communicates 
with the network elements to obtain configuration or setup information. 
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9. Regarding claim 5, Sidey and Hansen teach all the Hmitations as applied to claim 1 . 
Sidey further teach means wherein: 

a. The network device is a server (column 4, lines 9-15). Note that in the 
reference, any type of network element could be included; the clients can be 
servers to another system. 
Although the system disclosed by Sidey and Hansen (as applied to claim 1) shows 
substantial features of the claimed invention, it fails to disclose including setup information that 
includes an access privilege of the server. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Sidey and Hansen. 

A person having ordinary skill in the art would have readily recognized the desirability 
and advantages of modifying Sidey and Hansen by employing the inclusion of access policy for 
a managed server. Servers are just another network element to be managed, and security is 
probably the most important aspect of server management. This would be a natural addition of 
setup information that would be a necessity for all servers to be confirmed for consistency and 
automatically configured. 

10. Regarding claim 6, Sidey and Hansen teach all the limitation as applied to claim 1 . Sidey 
further teach means wherein: 

a. The network device is a computer executing a network application 
periodically exchanging data (column 4, lines 12-15). Note that in the 
reference, one of the specifically mentioned network elements is a router. 
Routers are network elements that exchange data. 
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b. Wherein each of the plurality of pieces of setup information includes setup 
information related to the network application (column 9, lines 20-40). Note 
that in the reference, routers are given as an example and different setup 
information about those elements is enumerated. 
11. Regarding claim 10, Sidey teaches a network management system having a plurality of 
network devices operating in a coordinated marmer and a management server managing said 
plurality of network devices, the network management server comprising means for: 

a. Distributing a plurality of pieces of setup information to each of said network 
devices (column 9, lines 49-60). Note that in the reference, a number of setup 
parameters can be distributed to the network elements. 

b. Wherein each of said plurality of setup information is for each of said 
plurality of network devices operating in a coordinated manner respectively 
and has no inconsistencies with each other as to operating of said network 
devices in a coordinated maimer (column 9, lines 34-38, 49-60). Note that in 
the reference, the setup of network elements is assessed for consistency and 
any discrepancies are reported or "fixed" automatically. 

Although the system disclosed by Sidey shows substantial features of the claimed 
invention, it fails to disclose means for: 

a. Generating a plurality of pieces of setup information based on predefined 
meta-level information that is referred to for causing said plurality of network 
devices to operate in a coordinated manner. 
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Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Sidey, as evidenced by Hansen. 

In an analogous art, Hansen discloses a configuration management system for remote 
monitoring and configuration of network elements with a management server comprising means 
for: 

a. Generating a plurality of pieces of setup information based on predefined 
meta-level information that is referred to for causing said plurality of network 
devices to operate in a coordinated manner (column 5, lines 23-27). Note that 
in the reference, configuration information is generated in order to maintain 
consistency of network device configuration. 
Given the teaching of Hansen, a person having ordinary skill in the art would have 
readily recognized the desirability and advantages of modifying Sidey by employing the 
generation of setup information for network elements. The system of Sidey receives and 
compares current configuration information to ensure system consistency. It is a logical 
extension of this to then generate configuration information for the client and re-configure it. 
This benefits the system by relieving the need for additional work by a system administrator and 
decreases possible down time. 

12. Regarding claim 1 1, Sidey teaches all the limitations as applied to claim 10, He further 
teaches means for: 

a. Collecting setup information for a network device of said plurality of network 
devices (column 9, lines 21-26). Note that in the reference, a number of setup 
parameters can be collected from the network elements. 
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b. Checking said meta-level information to be checked with said predefined 
meta-level information (column 9, lines 34-38). Note that in the reference, the 
configuration information is compared to the nominal setup information for 
the device. 

Although the system disclosed by Sidey shows substantial features of the claimed 
invention, it fails to disclose means for: 

a. Generating meta-level information to be checked based on said collected setup 
information. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Sidey, as evidenced by Hansen. 

In an analogous art, Hansen discloses a configuration management system for remote 
monitoring and configuration of network elements with a management server comprising means 
for: 

a. Generating meta-level information to be checked based on said collected 
setup information (column 5, lines 23-27). Note that in the reference, 
configuration information is generated in order to maintain consistency of 
network device configuration. This is the type of information that would be 
checked. 

Given the teaching of Hansen, a person having ordinary skill in the art would have 
readily recognized the desirability and advantages of modifying Sidey by employing the 
generation of setup information for network elements. The system of Sidey receives and 
compares current configuration information to ensure system consistency. It is a logical 
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extension of this to then generate configuration information for the client and re-configure it. 
This benefits the system by relieving the need for additional work by a system administrator and 
decreases possible down time. 

13. Regarding claim 14, Sidey and Hansen teach all the limitations as applied to claim 10. 
Sidey further teaches means wherein: 

a. The network device is a server (column 4, lines 9- 1 5). Note that in the 
reference, any type of network element could be included; the clients can be 
servers to another system. 
Although the system disclosed by Sidey and Hansen shows substantial features of the 
claimed invention, it fails to disclose including setup information that includes an access 
privilege of the server. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Sidey and Hansen. 

A person having ordinary skill in the art would have readily recognized the desirability 
and advantages of modifying Sidey and Hansen by employing the inclusion of access policy for 
a managed server. Servers are just another network element to be managed, and security is 
probably the most important aspect of server management. This would be a natural addition of 
setup information that would be a necessity for all servers to be confirmed for consistency and 
automatically configured. 

14. Regarding claim 15, Sidey and Hansen teach all the limitation as applied to claim 10. 
Sidey further teach means wherein: 
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a. The network device is a computer executing a network application 
periodically exchanging data (column 4, lines 12-15). Note that in the 
reference, one of the specifically mentioned network elements is a router. 
Routers are network elements that exchange data. 

b. Wherein each of the plurality of pieces of setup information includes setup 
information related to the network application (column 9, lines 20-40). Note 
that in the reference, routers are given as an example and different setup 
information about those elements is enumerated. 

15. Claims 3 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable over Sidey 
and Hansen as applied to claims 1 and 10 respectively, and further in view of Crichton et al, 

16. Regarding claim 3, although the system disclosed by Sidey and Hansen (as applied to 
claim 1) shows substantial features of the claimed invention, it fails to disclose means wherein 
each of the plurality of pieces of setup information includes tunneling setup information. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Sidey and Hansen, as evidenced by Crichton et al. 

In an analogous art, Crichton et al. discloses a system for the setup of communications 
between machines behind disparate firewalls. The system includes each of the plurality of pieces 
of setup information includes turmeling setup information (column 4, lines 20-34). 

Given the teaching of Crichton et al., a person having ordinary skill in the art would have 
readily recognized the desirability and advantages of modifying Sidey and Hansen by employing 
tunneling setup information in the standard setup information. Firewalls are a common network 
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element that must be setup in any configuration operation. Setting them up for tunneling allows 
for greater ease of communication between machines on both sides of the firewall. 

17. Regarding claim 12, although the system disclosed by Sidey and Hansen (as applied to 
claim 10) shows substantial features of the claimed invention, it fails to disclose means wherein 
each of the plurality of pieces of setup information includes tunneling setup information. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Sidey and Hansen, as evidenced by Crichton et al. 

In an analogous art, Crichton et al. discloses a system for the setup of communications 
between machines behind disparate firewalls. The system includes each of the plurality of pieces 
of setup information includes tunneling setup information (column 4, lines 20-34). 

Given the teaching of Crichton et al., a person having ordinary skill in the art would have 
readily recognized the desirability and advantages of modifying Sidey and Hansen by employing 
tunneling setup information in the standard setup information. Firewalls are a common network 
element that must be setup in any configuration operation. Setting them up for tunneling allows 
for greater ease of communication between machines on both sides of the firewall. 

18. Claims 4, 7, 13, and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Sidey and Hansen as applied to claims 1,1,10, and 10, respectively, and further in view of Antur 
et al. 

19. Regarding claim 4, although the system disclosed by Sidey and Hansen (as applied to 
claim 1) shows substantial features of the claimed invention, it fails to disclose means wherein: 

a. The network device is a firewall 
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b. Each of the pluraUty of pieces of setup information includes setup information 
related to access control for the firewall. 
Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Sidey and Hansen, as evidenced by Antur et aL, 

In an analogous art, Antur et al. disclose a system for configuration (setup) wherein: 

a. The network device is a firewall (figure 2; column 6, lines 50-55). 

b. Each of the plurality of pieces of setup information includes setup information 
related to access control for the firewall (column 6, lines 50-55). 

Given the teaching of Antur et al., a person having ordinary skill in the art would have 
readily recognized the desirability and advantages of modifying Sidey and Hansen by employing 
the use of setup information for firewalls. Firewalls require a large amount of setup information 
and must be commonly administered by a small number of personnel. 
20. Regarding claim 7, Sidey and Hansen teach all the limitations as applied to claim 1 . 
Sidey further teach means wherein: 

a. The management server includes means for distributing routing means for 
routing settings from setup information for the firewall (column 4, lines 12- 
15). Note that router information can be included in the setup information. 

b. Distributed routing means (to firewalls or other network devices) include 
means for setting up the setup information in the network device (column 9, 
lines 20-40). 

Although the system disclosed by Sidey and Hansen (as applied to claim 1) shows 
substantial features of the claimed invention, it fails to disclose: 
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a. A firewall is disposed between the management server and a network device. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Sidey and Hansen, as evidenced by Antur et al.. 

In an analogous art, Antur et al. disclose a system for firewall configuration (setup) 
wherein: 

a. A firewall is disposed between the management server and a network device 
(figure 2). Note that the act of configuring the firewall fulfills this 
requirement. The reference also teaches configuration of other security 
devices inside and outside the firewall. 
Given the teaching of Antur et al., a person having ordinary skill in the art would have 
readily recognized the desirability and advantages of modifying Sidey and Hansen by including 
routing information for further setup of network devices on the other side of the configured 
firewall. This allows for a management server at a remote location (possibly a third party) to 
operate outside the firewall and provide configuration without physical access. 
21 . Regarding claim 13, although the system disclosed by Sidey and Hansen (as applied to 
claim 10) shows substantial features of the claimed invention, it fails to disclose means wherein: 

a. The network device is a firewall 

b. Each of the plurality of pieces of setup information includes setup information 
related to access control for the firewall. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Sidey and Hansen, as evidenced by Antur et al.. 

In an analogous art, Antur et al. disclose a system for configuration (setup) wherein: 
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a. The network device is a firewall (figure 2; column 6, lines 50-55). 

b. Each of the plurality of pieces of setup information includes setup information 
related to access control for the firewall (column 6, lines 50-55). 

Given the teaching of Antur et al., a person having ordinary skill in the art would have 
readily recognized the desirability and advantages of modifying Sidey and Hansen by employing 
the use of setup information for firewalls. Firewalls require a large amount of setup information 
and must be commonly administered by a small number of personnel. 

22. Regarding claim 16, Sidey and Hansen teach all the limitations as applied to claim 1 0. 
Sidey further teach means wherein: 

a. The management server includes means for distributing routing means for 
routing settings from setup information for the firewall (column 4, lines 12- 
15). Note that router information can be included in the setup information. 

b. Distributed routing means (to firewalls or other network devices) include 
means for setting up the setup information in the network device (column 9, 
lines 20-40). 

Although the system disclosed by Sidey and Hansen (as applied to claim 1) shows 
substantial features of the claimed invention, it fails to disclose: 

a. A firewall is disposed between the management server and a network device. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Sidey and Hansen, as evidenced by Antur et al.. 

In an analogous art, Antur et al. disclose a system for firewall configuration (setup) 
wherein: 
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a. A firewall is disposed between the management server and a network device 



(figure 2). Note that the act of configuring the firewall fulfills this 



requirement. The reference also teaches configuration of other security 



devices inside and outside the firewall. 



Given the teaching of Antur et al., a person having ordinary skill in the art would have 
readily recognized the desirability and advantages of modifying Sidey and Hansen by including 
routing information for further setup of network devices on the other side of the configured 
firewall. This benefits the system by allowing a management server at a remote location 
(possibly a third party) to operate outside the firewall and provide configuration without physical 
access. 

23. Claims 8 and 17 are rejected under 35 U.S.C. 103(a) as being unpatentable over Sidey 
and Hansen as applied to claims 1 and 10, respectively, and further in view of Reid et al. 

24. Regarding claim 8, Sidey and Hansen, teach all the limitations as applied to claim 1 . 
Although the system disclosed by Sidey and Hansen (as applied to claim 1 ) shows 

substantial features of the claimed invention, it fails to disclose means wherein the management 
server and the routing means include means for performing mutual authentication and means for 
encrypting data. 

Nonetheless, these features are well knovra in the art and would have been an obvious 
modification of the system disclosed by Sidey and Hansen as evidenced by Reid et al.. 

In an analogous art, Reid et al. discloses a system for firewall configuration including 
means wherein a the management server and the routing means include means for performing 
mutual authentication and means for encrypting data (column 3, lines 1-7; column 5, lines 51- 
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57). Note that the purpose of the firewall includes authentication and encryption between clients 
and servers on opposite sides of the firewall. 

Given the teaching of Reid et al., a person having ordinary skill in the art would have 
readily recognized the desirability and advantages of modifying Sidey and Hansen by employing 
the inclusion of authentication and encryption instructions in the setup information to the 
firewall. These are common functions of a firewall and must be included in any setup 
information. Including them in the automatic setup benefits the system by allowing for 
guaranteed consistency of this security policy. 

25. Regarding claim 17, although the system disclosed by Sidey and Hansen (as applied to 
claim 10) shows substantial features of the claimed invention, it fails to disclose means wherein 
the management server and the routing means include means for performing mutual 
authentication and means for encrypting data. 

Nonetheless, these features are well known in the art and would have been an obvious 
modification of the system disclosed by Sidey and Hansen as evidenced by Reid et al.. 

In an analogous art, Reid et al. discloses a system for firewall configuration including 
means wherein a the management server and the routing means include means for performing 
mutual authentication and means for encrypting data (column 3, lines 1-7; column 5, lines 51- 
57). Note that the purpose of the firewall includes authentication and encryption between clients 
and servers on opposite sides of the firewall. 

Given the teaching of Reid et al., a person having ordinary skill in the art would have 
readily recognized the desirability and advantages of modifying Sidey and Hansen by employing 
the inclusion of authentication and encryption instructions in the setup information to the 
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firewall. These are common functions of a firewall and must be included in any setup 
information. Including them in the automatic setup benefits the system by allowing for 
guaranteed consistency of this security policy. 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kevin Parton whose telephone number is (703)306-0543. The 
examiner can normally be reached on M-F 8:00AM - 4:30PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Glenton Burgess can be reached on (703)305-4792. The fax phone numbers for the 
organization where this application or proceeding is assigned are (703)746-9242 for regular 
communications and (703)746-7238 for After Final communications. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703)305-3900. 
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